feat: oidc web1 basics

2025-12-10 06:28:34 +01:00 · 2023-01-08 23:01:42 +01:00
parent 4b9ee96989
commit d926d70a5f
7 changed files with 124 additions and 1 deletions
--- a/roles/web1/tasks/main.yaml
+++ b/roles/web1/tasks/main.yaml
@@ -0,0 +1,64 @@
+- name: Install python packages
+  pip:
+    name: 
+      - itsdangerous==2.0.1
+      - flask
+      - flask-oidc
+      - Flask-SQLAlchemy
+      - MarkupSafe
+      - Pillow
+      - waitress
+
+- name: fix dumb flask oidc scheme bug
+  lineinfile:
+    path: /usr/local/lib/python3.9/dist-packages/flask_oidc/__init__.py
+    regex: "            flow\\.redirect_uri = url_for\\('_oidc_callback', _external=True\\)"
+    line:  "            flow.redirect_uri = url_for('_oidc_callback', _external=True, _scheme='https')"
+    backup: yes
+
+- name: Set mode /usr/local/lib/ (python libraries)
+  file:
+    path: /usr/local/lib/
+    mode: 'a+rX'
+    recurse: true
+
+- name: Clone repositories
+  git:
+    repo: https://github.com/FAUSheppy/{{ item }}.git
+    dest: "/var/www/{{ item }}"
+  with_items:        
+    - python-flask-picture-factory
+    - simple-log-server
+    - soundlib-interface
+
+- name: Deploy OIDC config (config)
+  template:
+    src: oidc_config.json.j2
+    dest: "/var/www/{{ item }}/oidc.json"
+    owner: www-data
+    group: www-data
+  with_items:
+    - python-flask-picture-factory
+    - simple-log-server
+    - soundlib-interface
+
+- name: Deploy OIDC config (client secrets)
+  template:
+    src: oidc_client_secrets.json.j2
+    dest: "/var/www/{{ item }}/oidc_client_secrets.json"
+    owner: www-data
+    group: www-data
+  with_items:
+    - python-flask-picture-factory
+    - simple-log-server
+    - soundlib-interface
+
+- name: Systemd Units
+  template:
+    src: "waitress-systemd-unit.j2"
+    dest: "/etc/systemd/user/{{ item.name }}.service"
+  with_items:
+    - { name : "image-factory",     path : "/var/www/python-flask-picture-factory", port : 5000 }
+    - { name : "serien-ampel",      path : "/var/www/serien-ampel",                 port : 5001 }
+    - { name : "simple-log-server", path : "/var/www/simple-log-service",           port : 5002 }
+    - { name : "soundlib",          path : "/var/www/soundlib-interface",           port : 5003 }